5 matches found
CVE-2020-35349
Savsoft Quiz 5 is affected by Cross Site Scripting (XSS) via the field_title input on the custom fields page. The vulnerability is described across multiple sources as XSS, affecting Savsoft Quiz 5. No remediation, exploit specifics, or affected versions are provided in the supplied documents. Ex...
CVE-2020-27515
CVE-2020-27515 affects Savsoft Quiz v5.0 with a Cross-Site Scripting (XSS) vulnerability that allows remote injection of arbitrary script/HTML via the Skype ID field. The NVD entry lists CVSS 3.1/6.1 (Network, Low prep, User interaction required, Changed scope) and CVSS 2.0 base 4.3 (Medium). No ...
CVE-2020-24609
Savsoft Quiz 5.5 and earlier is affected by CVE-2020-24609 (Stored XSS). The vulnerability resides in the User Registration flow, where an attacker can inject a payload that triggers when the admin visits the Manage Users page, enabling cookie theft. Multiple connected sources corroborate a store...
CVE-2024-4256
Techkshetra Info Solutions Savsoft Quiz 6.0 has a cross-site scripting (XSS) vulnerability in the Category Page editCategory function (/public/index.php/Qbank/editCategory). The issue arises from manipulating the category_name parameter with input like >, which allows script execution in the c...
CVE-2024-34401
CVE-2024-34401 affects Savsoft Quiz 6.0. The issue is a stored XSS in the quiz_name parameter of the index.php/quiz/insert_quiz/ endpoint. The Red Hat/CNNVD/CVE references corroborate a cross-site scripting vulnerability in Savsoft Quiz 6.0. The available sources do not specify a fixed version or...